* 1.8.0 (2012-XX-XX)
- * simplified usage of the autoescape tag; the only argument is now the escaping strategy or false (with a BC layer)
+ * simplified usage of the autoescape tag; the only (optional) argument is now the escaping strategy or false (with a BC layer)
* added a way to dynamically change the auto-escaping strategy according to the template "filename"
* changed the autoescape option to also accept a supported escaping strategy (for BC, true is equivalent to html)
* added an embed tag
{{ article.to_html|raw }}
-You can also change the escaping mode locally by using the ``autoescape`` tag:
+You can also change the escaping mode locally by using the ``autoescape`` tag
+(see the :doc:`autoescape<../tags/autoescape>` doc for the syntax used before
+Twig 1.8):
.. code-block:: jinja
- {% autoescape true %}
+ {% autoescape 'html' %}
{{ var }}
{{ var|raw }} {# var won't be escaped #}
{{ var|escape }} {# var won't be double-escaped #}
.. code-block:: jinja
- {% autoescape true %} {# as of Twig 1.8, this is equivalent to {% autoescape 'html' %} #}
+ {# The following syntax works as of Twig 1.8 -- see the note below for previous versions #}
+
+ {% autoescape %}
Everything will be automatically escaped in this block
using the HTML strategy
{% endautoescape %}
- {% autoescape false %}
- Everything will be outputted as is in this block
- {% endautoescape %}
-
- {# deprecated as of Twig 1.8 #}
- {% autoescape true js %}
+ {% autoescape 'html' %}
Everything will be automatically escaped in this block
- using the js escaping strategy
+ using the HTML strategy
{% endautoescape %}
- {# as of Twig 1.8 #}
{% autoescape 'js' %}
Everything will be automatically escaped in this block
using the js escaping strategy
{% endautoescape %}
+ {% autoescape false %}
+ Everything will be outputted as is in this block
+ {% endautoescape %}
+
+.. note::
+
+ Before Twig 1.8, the syntax was different:
+
+ .. code-block:: jinja
+
+ {% autoescape true %}
+ Everything will be automatically escaped in this block
+ using the HTML strategy
+ {% endautoescape %}
+
+ {% autoescape false %}
+ Everything will be outputted as is in this block
+ {% endautoescape %}
+
+ {% autoescape true js %}
+ Everything will be automatically escaped in this block
+ using the js escaping strategy
+ {% endautoescape %}
+
When automatic escaping is enabled everything is escaped by default except for
values explicitly marked as safe. Those can be marked in the template by using
the :doc:`raw<../filters/raw>` filter:
.. code-block:: jinja
- {% autoescape true %}
+ {% autoescape %}
{{ safe_value|raw }}
{% endautoescape %}
public function parse(Twig_Token $token)
{
$lineno = $token->getLine();
- $expr = $this->parser->getExpressionParser()->parseExpression();
- if (!$expr instanceof Twig_Node_Expression_Constant) {
- throw new Twig_Error_Syntax('An escaping strategy must be a string or a Boolean.', $lineno);
- }
- $value = $expr->getAttribute('value');
-
- $compat = true === $value || false === $value;
- if (true === $value) {
+ if ($this->parser->getStream()->test(Twig_Token::BLOCK_END_TYPE)) {
$value = 'html';
- }
+ } else {
+ $expr = $this->parser->getExpressionParser()->parseExpression();
+ if (!$expr instanceof Twig_Node_Expression_Constant) {
+ throw new Twig_Error_Syntax('An escaping strategy must be a string or a Boolean.', $lineno);
+ }
+ $value = $expr->getAttribute('value');
- if ($compat && $this->parser->getStream()->test(Twig_Token::NAME_TYPE)) {
- if (false === $value) {
- throw new Twig_Error_Syntax('Unexpected escaping strategy as you set autoescaping to false.', $lineno);
+ $compat = true === $value || false === $value;
+
+ if (true === $value) {
+ $value = 'html';
}
- $value = $this->parser->getStream()->next()->getValue();
+ if ($compat && $this->parser->getStream()->test(Twig_Token::NAME_TYPE)) {
+ if (false === $value) {
+ throw new Twig_Error_Syntax('Unexpected escaping strategy as you set autoescaping to false.', $lineno);
+ }
+
+ $value = $this->parser->getStream()->next()->getValue();
+ }
}
$this->parser->getStream()->expect(Twig_Token::BLOCK_END_TYPE);
--TEST--
"autoescape" tag applies escaping on its children
--TEMPLATE--
+{% autoescape %}
+{{ var }}<br />
+{% endautoescape %}
{% autoescape 'html' %}
{{ var }}<br />
{% endautoescape %}
return array('var' => '<br />')
--EXPECT--
<br /><br />
+<br /><br />
<br /><br />
<br /><br />
<br /><br />
projects / web/konrad/twig.git / commitdiff